Lucene search
+L

477 matches found

Nuclei
Nuclei
added 18 hours ago51 views

Apache Tomcat - HTTP Request Smuggling

Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...

5.3CVSS6.6AI score0.05848EPSS
Exploits2References3
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-10051

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

6.9CVSS0.00253EPSS
Exploits1References1
Cvelist
Cvelist
added 3 days ago25 views

CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...

8.2CVSS0.00305EPSS
Exploits0References4
CVE
CVE
added 3 days ago8 views

CVE-2026-58229

The CVE-2026-58229 issue affects the Elixir Mint HTTP client. Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 accumulate all parsed response headers and trailer fields into a request.headers_buffer without a cap, and decoding uses unlimited per-line/packet limits. A malicious ...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
CVE
CVE
added 3 days ago7 views

CVE-2026-12606

CVE-2026-12606 affects Eclipse Grizzly prior to 5.0.2. The issue is in parsing the trailer section of malformed trailer headers, which can be exploited to perform HTTP request smuggling. Affected component: Grizzly HTTP parsing logic. Root cause: improper handling of trailer headers in malformed ...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 3 days ago25 views

CVE-2026-12606

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43641

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-57984

Name of the Vulnerable Software and Affected Versions Eclipse Grizzly versions prior to 5.0.2 Description An issue exists where the software cannot properly parse the trailer section in a malformed trailer header line. This flaw can be leveraged to perform HTTP request smuggling, a technique used...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/10 8:15 a.m.10 views

CVE-2026-40898

A flaw was found in quic-go, an implementation of the QUIC protocol in Go. A remote attacker can exploit this by sending specially crafted HTTP/3 trailer fields. This can cause the system to allocate excessive memory, leading to a denial-of-service DoS condition where the affected server or clien...

7.5CVSS6AI score0.00279EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/02 10:17 p.m.8 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

6.9CVSS6AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 9:16 p.m.3 views

DEBIAN-CVE-2026-38969

Bulletin has no description...

6.1AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 9:16 p.m.9 views

CVE-2026-38969

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

0.00352EPSS
Exploits0
OSV
OSV
added 2026/07/02 9:16 p.m.5 views

UBUNTU-CVE-2026-38969

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.5CVSS6.1AI score0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55310

Name of the Vulnerable Software and Affected Versions webrick versions prior to 1.9.3 Description WEBrick reparses the trailer Content-Length into the canonical request state, which enables request smuggling. Request smuggling is a technique that interferes with the way a website processes...

7.5CVSS6AI score0.00352EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/02 12:0 a.m.9 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...

7.5CVSS6.1AI score0.00352EPSS
Exploits0
RubySec
RubySec
added 2026/07/02 12:0 a.m.6 views

ruby webrick through v1.9.2 WEBrick reparses trailer

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.9AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...

7.5CVSS6.1AI score0.00352EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.40 views

CVE-2026-38969

...

0.00352EPSS
Exploits0
CVE
CVE
added 2026/07/02 12:0 a.m.34 views

CVE-2026-38969

CVE-2026-38969 entry is rejected/not used and does not represent an active vulnerability.

6.1AI score0.00352EPSS
Exploits0
OSV
OSV
added 2026/06/18 7:22 a.m.6 views

MGASA-2026-0219 Updated python-pillow packages fix security vulnerabilities

Integer overflow when processing fonts. CVE-2026-42308 PDF Parsing Trailer Infinite Loop DoS. CVE-2026-42310...

5.5CVSS5.3AI score0.00126EPSS
Exploits0References5
Rows per page
Query Builder